Recently a car was stopped next to me at the traffic lights. The driver had his phone connected to the car's bluetooth and the conversation could be heard by me crystal clear in the next car - the guy was talking about something to do with money and his business and I assume was completely oblivious to the fact anybody within a 10ft radius of the car could hear his conversation - of course the information was no good to me; but maybe to one of his competitors or somebody who knew what he was talking about, it could be.

So it got me thinking about what activities a person might do on a daily basis that could possibly put their information (online accounts, banking information, private details, secret business information, etc) at risk.

Just a couple I can think of other than the car/bluetooth example to get things started...

Reading email on a mobile device while standing in line: people around you or even watching CCTV around you can potentially see information you'd rather they didn't

Not collecting an ATM receipt from the machine - you see this all the time, at the very least you know what the person looks like, and now you know how much money they have available in their savings account

???

I know this is an open ended question, I'll give the answer to whoever has the most amount of examples or most creative/interesting examples

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.

6

This question is far too broad, this is a book topic.
– GdD, Feb 1 '13 at 14:34

Show me a book (or any large body of information) on this topic and I'll gladly delete my question. Seriously, not being contentious. I can't find much, so I thought it would make a good question
– Toby, Feb 1 '13 at 14:48

5

It's a good question, just not for this site which requires more focus.
– GdD, Feb 1 '13 at 14:59

2

Indeed, however the question is relevant as it exercises one's self-observation of broad thinking that could certainly be applied to IT Security as well. After all, it is all in the state of mind.
– Lex, Feb 1 '13 at 15:14

3 Answers
3

I very often hear people on the bus calling companies and doing personal identification by answering questions such as their Address, Date of Birth, Full name, National Insurance Number (Social Security Number) and what not. I think this is a pretty bad one. By just listening to that you can get a whole bunch of information about the same person within minutes without doing anything: besides all the standard questions, you can hear their cases, their reference numbers and even their bank account details to set up a direct debit.

Also, Shoulder Surfing: less than three weeks ago I went to a big department store to get a contract phone and the chap serving me opened a page on their browser, typed an address and typed his password quite slowly with his two index fingers... I can tell you the username had only 5 characters (what I assumed to be his first initial concatenated to his surname) and a very, very short password of no more than 6 characters.

Since this is a very broad question, I'll start with a broad answer: The biggest worst thing someone can do that can do a breach of security is forgetting.

You go into a heated discussion, and forget about people near you that can hear.

You do/read an important thing on your mobile/laptop and forget that people can look over your shoulders, or that people can come and go at any time.
I bet that the example posted on the 1st question, about someone talking loudly on the phone in their car, when they started the conversation, they didn't expect to stop and that people nearby might hear.

You set up a public proxy in your browser, then you forget that it's insecure and log in to a secure password, sending your password over an HTTP connection.

You leave your station, without properly locking your pc/laptop.

You give out information to someone, forget that you gave it out, then later on this information becomes valuable, and you do not remember that anyone had this information before. (like giving someone access to a room since there is nothing important there, later on you put there financial records forgetting that that specific person has access to it).

In programming: you write classA, then write classB that utilizes classA intensively, then modify classA and do not re-verify everything in classB... and that will lead to a huge security risk.

There are any number of things that can cause an information leak. This is why security is hard. There isn't really a way to answer this question other than to suggest that it can only be answered by carefully considering where is my information going and who could make use of it. Is the risk of someone picking it up small enough or the mitigation against that risk high enough to be worth doing?

There isn't a right or wrong answer. For the guy in the car, yes, people within 10 feet hearing him was a risk, but it was mitigated by the fact that it is highly unlikely that a competitor or someone who is friends with a competitor is standing within 10 feet. It's also unlikely that the limited amount of information disclosed would be useful. Could his really clever competitor tail him with a mic? Sure, but in most cases they aren't going to, so the risk might be acceptable for most people. If they were talking about nuclear launch codes, then it wouldn't be.

It all comes down to any activity that involves sensitive information is a potential leak and the acceptable risks have to be evaluated. That's why "security is hard".